feat: [AIDX-130] add notification channel settings content updates

auth4genai/intro/asynchronous-authorization.mdx

@@ -66,6 +66,26 @@ The flow generally proceeds as follows:
   </Step>
 </Steps>
 
+## User consent and Notification Channel Selection
+
+When sending the backchannel authorization request, Auth0 must decide the appropriate notification channel when reaching the user for approval. These are the currently available options (in order of preference):
+
+1. **MFA Push Notification**: Challenge MFA Push factor which sends a push notification to the user's enrolled device. Authentication and authorization happens in the device that received the notification.
+2. **Email**: Sends an email to a verified address associated to the user. The email contains a link and authentication & authorization happens in the browser.
+
+<Note>
+**Enterprise Feature:** Email notifications for asynchronous authorization are now available for Enterprise plans.
+</Note>
+
+The selection logic of the channel will be by the order in the list above. However, there are factors that may influence the decision.
+- The **Auth0 client's notification channel**: within the Auth0 application details screen, notification channels can be enabled or disabled for asynchronous authorization requests. These will configure the client's `async_approval_notification_channels` array setting. Currently available options are `guardian-push` and `email`.
+- **Requested expiry**: when the agent's backend specifies a *requested expiry* greater than 5 minutes, MFA Push notification becomes a non-eligible option.
+- **MFA configuration at the tenant level**: a MFA Push Notification channel must be configured for the tenant for this notification channel to be selected. See more details [here](https://auth0.com/docs/secure/multi-factor-authentication/auth0-guardian#enroll-in-push-notifications) about configuring your tenant to use Auth0 Guardian with push notifications. (***note***: *only the Auth0 Guardian push factor is supported at this time.*)
+- **User's enrolled authenticators**: if the user is not enrolled to use an MFA push authenticator, the current behavior is to fallback to Email instead of rejecting the request.
+- **User's email verification status**: if the user's email is not verified, we assume sending emails to an unverified email address is not desired, and the request will be rejected.
+
+You can read more about the notification channel selection in the [Configure Client-Initiated Backchannel Authentication](https://auth0.com/docs/get-started/applications/configure-client-initiated-backchannel-authentication) documentation.
+
 ## Get started
 
 To begin using Asynchronous Authorization in your AI agents, refer to the following resources:

auth4genai/snippets/get-started/prerequisites/async-auth.jsx

@@ -47,6 +47,22 @@ export const Prerequisites = ({
       type.
     </Step>,
 
+    <Step title="Configure Notification Channel settings">
+      Configure the notification channels (such as email or push notifications) for your Auth0 Application. Go to{" "}
+      <strong>
+        Applications &gt; [Your Application] &gt; Settings &gt; Client-Initiated Backchannel Authentication (CIBA) section &gt;
+      </strong>{" "}
+      and enable the{" "} notification channel(s) to use with the asynchronous authorization requests for this application.
+
+      To learn more about <strong>configuring notification channels</strong> and using the <strong>requested expiry</strong> setting, read the {" "}
+      <a
+        href="/ai/docs/intro/asynchronous-authorization#user-consent-and-notification-channel-selection"
+        target="_self"
+      >
+        Asynchronous Authorization
+      </a>
+      {" "} documentation.
+    </Step>,
     <Step title="Enable Guardian Push">
       Enable Mutli-factor authentication (MFA) with Guardian Push Notifications
       for your Auth0 tenant. To learn more about MFA with Guardian, read the{" "}